A credit card, cash card or the like typically comprises a magnetic card which has a magnetic stripe (i.e., a strip of magnetic tape affixed to the card) memory capable of storing a small quantity of information. Included in the stored information is a secret identification number (PIN or personal identification number) intended to be known only by the user, which allows the user of the card to identify himself and thereby gain access to other information in the data base to which the user terminal is connected.
A subsequent alternative to a magnetic card as a single purpose information access device (e.g., credit card, cash card, door key, etc.) is an integrated circuit (IC) card having an onboard changeable memory. Such an IC card has a memory capacity substantially larger than that of a magnetic card. Where properly identified (e.g., by entry of an appropriate PIN), the user of an IC card may access and modify information stored in both a central data base and in the memory of the card.
Pursuant to a conventional system for issuing a card and registering an identification number for the issued card (see FIG. 3), a card issuer 11 (such as a credit institution) embosses the name of a cardsystem candidate 12 (i.e., a person who wishes to obtain admission to the issuer's card system) and the available admission period on the surface of an unissued card 13. The issuer then stores an account number and sends an issued card 14 to the candidate 12. Upon receipt of the issued card 14, the candidate completes an identification number application 15 and presents it, along with the issued card 14, to a clerk 16 of the card issuer 11. The clerk 16 confirms that the card 14 is one which was issued by the issuer 11, and then enters the identification number into a register 17 by means of a keyboard 18, thereby making a complete card 19 in accordance with the contents of the identification number application 15. The complete card 19 is delivered to the candidate 12 (i.e., user), who may thereafter gain access to stored information by first providing the registered identification number.
As may be appreciated, although it has been tolerated, it is inconvenient for a user to have a plurality of different cards from different issuers. Thus, it may be desirable for a plurality of issuers to share the same memory medium (i.e., card) to provide the user with access to information provided by the issuers (e.g., bank account information, credit account information, etc.). Such sharing would be very superficial in magnetic stripe cards--the issuers share or otherwise interact between different data bases, with the magnetic card allowing the user to access these different data bases. With IC cards, the possibilities increase due to their larger memory capacity, but security problems arise since a greater quantity of potentially sensitive, changeable information can be carried right on the card.
If the above-described conventional code-writing apparatus (register 7 and keyboard 8) is used on this type of multiple issuer IC card, there is a strong possibility that information regarding one of the issuers and the card user (which is accessible through the card) may become known by the other card issuers. This can happen since only the identification number of the card user (e.g., the PIN number) is written in a protected area of memory--all of the other information including all current transaction information, would be available to any issuer. Thus, for example, if a user possessed an IC card capable of performing transactions with four issuers, each of the four issuers would have access to the data, which should be secret, of the other three. Consequently, the conventional coding system creates secrecy problems when used with an IC card which is shared by multiple issuers.